Virus Has Infected All Files Including Antivirus/Spyware Programs

I'm trying to help my family get this nasty virus off their computer and it won't let me run any programs such as malwarebytes, antipsyware. It keeps saying the file has been infected. Not sure how i proceed to get rid of this virus. One message I keep getting is application cannot be executed. The file (filename) is infected. Do you want to activate your antivirus now? and Infiltration Alert Your computer is being attacked by an internet virus. It could be a pssword stealing attack, a trojan - dropper or similar. Threat Win32/Nuqel.E

Hello,
Welcome toWhatTheTech. My name is mowman, and I will be helping you fix your problems.

If you do not make a reply in 3 days, we will have to close your topic.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this topic. The topics you are tracking can be found by clicking on My Topics at the top of any page.

Please take note of some guidelines for this fix:

•Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
•If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
•Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
•Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply.
Only attach them if requested or if they do not fit into the post
•Please be aware that I am still in training, and all of my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice.
•This may cause a delay in response time, but I will do my best to keep it as short as possible.
•I will reply back shortly with instructions.

Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes from Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again

Error - 7/18/2010 7:59:35 AM | Computer Name = USER-XM18BGEGGA | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 7/18/2010 7:59:35 AM | Computer Name = USER-XM18BGEGGA | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 7/18/2010 7:59:35 AM | Computer Name = USER-XM18BGEGGA | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31

Error - 7/18/2010 7:59:35 AM | Computer Name = USER-XM18BGEGGA | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Download Combofix from either of the links below. Youmustrename it to combo.com before saving it.
Save it to your desktop. Change the save as file type to "all files"

**Note: In the event you already have Combofix, delete it, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

If you are using Firefox, make sure that your download settings are as follows:

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click onthis linkto see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE: If ComboFix asks to install the Recovery Console, please ALLOW it to do so.

Double click on the renamed ComboFix.exe & follow the prompts. When finished, it will produce a report for you.

Please post the C:\ComboFix.txt so we can continue cleaning the system.

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

0 user(s) are reading this topic

About What the Tech

Tom (Coyote) Wilson started this site as TomCoyote.org in 2002. Along with SpywareInfo, it was one of the first places to offer online malware removal training in its Classroom. Cluster headaches forced retirement of Tom in 2007, and the site was renamed "What the Tech". Free malware removal help and training has remained a constant.